hardware crypto and SSL?

Michael Sierchio kudzu at tenebras.com
Wed Oct 22 07:04:55 PDT 2003


Eric Anderson wrote:

> The new VIA Eden-N processors have built in high-speed AES encryption 

Forgive me, but that's really not important -- for SSL the bulk
encryption algorithm is usually RC4 (oops, ARCFOUR ;-), which
is efficient in software.  It's the handshake and public key
operations that really benefit from the use of HW crypto.

In which case the currently-supported cards (either by the
OpenBSD /dev/crypto scheme ported by Sam Leffler, or those
directly supported in the OpenSSL engine) all work fine.

IOW the current Soekris boards help quite a bit, and they
also help because they have a HW RBG which actually stirs
the entropy pool for /dev/random -- very helpful for not
running out of random bits on machines that have no
keyboard or mouse.



